Ubuntu LTS kernels were updated to latest version. The update includes a number of security bug fixes.Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them. You can manually update the server by running:# /usr/bin/kcarectl --update Changelog:ubuntu-tru...

This update has no security fixes, as CVE-2015-7872 was fixed earlier.Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.You can manually update the server by running:# /usr/bin/kcarectl --update

Some people were hit by a bug in recent vzkernel-2.6.32-042stab113.11 bug which made quota inside container for simfs not usable.We have released the patch to address the underlying problem. Yet, due to the nature of the bug, and time when devices are created (on boot) - it requires user to run command before quota will start working again.After yo...

The rmemory hardware issue "Rowhammer" was recently discovered to allows privileged escalation. The issue can be mitigated (at least in its current form) by preventing user from reading /proc/$(pid)/pagemap, /proc/kpageflags, /proc/kpagecount files. Yet, this protection is not available from RedHat, CentOS, Parallels. It is not available as part of...

Rebooting is a pain

Rebooting server is a pain. It is often scheduled for the darkest of the night. It requires minutes of downtime, and it can take up to 15 minutes for the server performance to stabilize, and catches to warm up. This is not something you want to do often.Yet, any time there is a security vulnerability in the kernel, a server should be rebooted. This is where KernelCare comes in. It provides a service that will patch security vulnerabilities inside the running kernel - without any downtime or service interruption.

This update includes patch for CVE-2014-9322 vulnerability. I am sorry about unusual delay with this patch. This patch was the most complex patch we have seen so far. It was in assembler code, while most patches are in C. It was altering how interrupt handlers work. It is highly unusual, and there were no such security patches in the past 3 years. ...

Update: The patch has been released on Dec 18, 2014 at 1pm ET. You can read more about it here: http://www.cloudlinux.com/blog/clnews/kernelcare-local-privilege-escalation-patch-for-pcsopenvzcl6cl5hcentos.php We have received numerous requests for CVE-2014-9322 patch. Right now we are running burn in tests that should finish in a few hours. This pa...